diff --git a/build.gradle b/build.gradle index a53c87c88..d6f031f77 100644 --- a/build.gradle +++ b/build.gradle @@ -15,48 +15,30 @@ */ buildscript { + ext { + korkVersion = "5.0.0" + } repositories { jcenter() maven { url "https://spinnaker.bintray.com/gradle" } maven { url "https://plugins.gradle.org/m2/" } } dependencies { - classpath 'com.netflix.spinnaker.gradle:spinnaker-dev-plugin:5.2.2' + classpath 'com.netflix.spinnaker.gradle:spinnaker-dev-plugin:6.0.0' + if (Boolean.valueOf(enablePublishing)) { + classpath 'com.netflix.spinnaker.gradle:spinnaker-gradle-project:6.0.0' + } } } allprojects { group = "com.netflix.spinnaker.fiat" apply plugin: 'spinnaker.base-project' - apply plugin: 'java' - apply plugin: 'groovy' - - ext { - spinnakerDependenciesVersion = '1.40.0' - if (project.hasProperty('spinnakerDependenciesVersion')) { - spinnakerDependenciesVersion = project.property('spinnakerDependenciesVersion') - } - } - - def checkLocalVersions = [spinnakerDependenciesVersion: spinnakerDependenciesVersion] - if (ext.has('versions')) { - def extVers = ext.get('versions') - if (extVers instanceof Map) { - checkLocalVersions.putAll(extVers) - } - } - - def localVersions = checkLocalVersions.findAll { it.value.endsWith('-SNAPSHOT') } - if (localVersions) { - logger.info("Enabling mavenLocal repo for $localVersions") - repositories { - mavenLocal() - } - } - - spinnaker { - dependenciesVersion = spinnakerDependenciesVersion + if (Boolean.valueOf(enablePublishing)) { + apply plugin: 'spinnaker.project' } + apply plugin: 'java-library' + apply plugin: 'groovy' test { testLogging { @@ -78,16 +60,23 @@ allprojects { subprojects { project -> dependencies { - spinnaker.group('test') + implementation platform("com.netflix.spinnaker.kork:kork-bom:$korkVersion") + compileOnly "org.projectlombok:lombok" + annotationProcessor platform("com.netflix.spinnaker.kork:kork-bom:$korkVersion") + annotationProcessor "org.projectlombok:lombok" + testAnnotationProcessor platform("com.netflix.spinnaker.kork:kork-bom:$korkVersion") + testAnnotationProcessor "org.projectlombok:lombok" - testCompile spinnaker.dependency('groovy') - } + implementation "org.springframework.boot:spring-boot-properties-migrator" - //c&p this because NetflixOss reverts it to 1.7 and ends up getting applied last.. - project.plugins.withType(JavaBasePlugin) { - JavaPluginConvention convention = project.convention.getPlugin(JavaPluginConvention) - convention.sourceCompatibility = JavaVersion.VERSION_1_8 - convention.targetCompatibility = JavaVersion.VERSION_1_8 + testImplementation "org.springframework.boot:spring-boot-starter-test" + testImplementation "org.spockframework:spock-core" + testImplementation "org.spockframework:spock-spring" + testImplementation "org.springframework:spring-test" + testImplementation "org.hamcrest:hamcrest-core" + testRuntimeOnly "cglib:cglib-nodep" + testRuntimeOnly "org.objenesis:objenesis" + testImplementation "org.codehaus.groovy:groovy-all" } } diff --git a/fiat-api/fiat-api.gradle b/fiat-api/fiat-api.gradle index f6cabfd78..2c460b98f 100644 --- a/fiat-api/fiat-api.gradle +++ b/fiat-api/fiat-api.gradle @@ -15,33 +15,22 @@ */ dependencies { - compile project(":fiat-core") + implementation project(":fiat-core") - compileOnly spinnaker.dependency("bootWeb") - compileOnly spinnaker.dependency("frigga") - compileOnly spinnaker.dependency("korkSecurity") - compileOnly spinnaker.dependency("korkWeb") - compileOnly spinnaker.dependency("kork") - compileOnly spinnaker.dependency("lombok") - annotationProcessor spinnaker.dependency("lombok") - compileOnly spinnaker.dependency("okHttp") - compileOnly spinnaker.dependency("okHttpUrlconnection") - compileOnly spinnaker.dependency("okHttpApache") - compileOnly spinnaker.dependency("retrofit") - compileOnly spinnaker.dependency("retrofitJackson") - compileOnly spinnaker.dependency("spectatorApi") + implementation "org.springframework:spring-aop" + implementation "org.springframework:spring-web" + implementation "org.springframework.security:spring-security-core" + implementation "org.springframework.security:spring-security-web" + implementation "com.netflix.spectator:spectator-api" + implementation "com.netflix.spinnaker.kork:kork-core" + implementation "com.netflix.spinnaker.kork:kork-security" + implementation "com.netflix.spinnaker.kork:kork-web" + implementation "com.squareup.retrofit:retrofit" + implementation "com.squareup.retrofit:converter-jackson" - compile spinnaker.dependency("guava") - compile spinnaker.dependency("springSecurityConfig") - compile spinnaker.dependency("springSecurityCore") - compile spinnaker.dependency("springSecurityWeb") + compileOnly "javax.servlet:javax.servlet-api" - testCompile spinnaker.dependency("retrofit") - testCompile spinnaker.dependency("okHttp") - testCompile spinnaker.dependency("slf4jApi") - testCompile spinnaker.dependency("frigga") - testCompile spinnaker.dependency("korkSecurity") - testCompile spinnaker.dependency("kork") - testCompile spinnaker.dependency("bootAutoConfigure") - testCompile spinnaker.dependency("spectatorApi") + implementation "com.github.ben-manes.caffeine:caffeine" + + testImplementation "org.slf4j:slf4j-api" } diff --git a/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatAuthenticationConfig.java b/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatAuthenticationConfig.java index 61f6a8f89..ef4529930 100644 --- a/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatAuthenticationConfig.java +++ b/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatAuthenticationConfig.java @@ -18,15 +18,13 @@ import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; -import com.netflix.spectator.api.Registry; import com.netflix.spinnaker.config.OkHttpClientConfiguration; import com.netflix.spinnaker.okhttp.SpinnakerRequestInterceptor; +import com.netflix.spinnaker.retrofit.Slf4jRetrofitLogger; import com.squareup.okhttp.OkHttpClient; import lombok.Setter; import lombok.extern.slf4j.Slf4j; import lombok.val; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.boot.context.properties.EnableConfigurationProperties; @@ -37,6 +35,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.web.authentication.AnonymousAuthenticationFilter; import org.springframework.security.web.context.SecurityContextPersistenceFilter; import retrofit.Endpoints; import retrofit.RestAdapter; @@ -59,8 +58,7 @@ public class FiatAuthenticationConfig { @Bean @ConditionalOnMissingBean(FiatService.class) // Allows for override - public FiatService fiatService(Registry registry, - FiatClientConfigurationProperties fiatConfigurationProperties, + public FiatService fiatService(FiatClientConfigurationProperties fiatConfigurationProperties, SpinnakerRequestInterceptor interceptor, OkHttpClientConfiguration okHttpClientConfiguration) { // New role providers break deserialization if this is not enabled. @@ -98,40 +96,16 @@ private class FiatWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdap private final FiatStatus fiatStatus; private FiatWebSecurityConfigurerAdapter(FiatStatus fiatStatus) { + super(true); this.fiatStatus = fiatStatus; } @Override protected void configure(HttpSecurity http) throws Exception { - /* - * Having `FiatAuthenticationFilter` prior to `SecurityContextPersistenceFilter` results in the - * `SecurityContextHolder` being overridden with a null value. - * - * The null value then causes the `AnonymousAuthenticationFilter` to inject an "anonymousUser" which when - * passed over the wire to fiat is promptly rejected. - * - * This behavior is triggered when `management.security.enabled` is `false`. - */ - http - .csrf().disable() - .addFilterAfter(new FiatAuthenticationFilter(fiatStatus), SecurityContextPersistenceFilter.class); - } - } - - private static class Slf4jRetrofitLogger implements RestAdapter.Log { - private final Logger logger; - - Slf4jRetrofitLogger(Class type) { - this(LoggerFactory.getLogger(type)); - } - - Slf4jRetrofitLogger(Logger logger) { - this.logger = logger; - } - - @Override - public void log(String message) { - logger.info(message); + http.servletApi().and() + .exceptionHandling().and() + .anonymous().and() + .addFilterBefore(new FiatAuthenticationFilter(fiatStatus), AnonymousAuthenticationFilter.class); } } } diff --git a/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatClientConfigurationProperties.java b/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatClientConfigurationProperties.java index 34b8e4618..e577ecf3d 100644 --- a/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatClientConfigurationProperties.java +++ b/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatClientConfigurationProperties.java @@ -52,16 +52,15 @@ public RetryConfiguration getRetry() { } @Data - class PermissionsCache { + public static class PermissionsCache { private Integer maxEntries = 1000; private Integer expiresAfterWriteSeconds = 20; } @Data - class RetryConfiguration { + public static class RetryConfiguration { private DynamicConfigService dynamicConfigService; - private long maxBackoffMillis = 10000; private long initialBackoffMillis = 500; private double retryMultiplier = 1.5; diff --git a/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatPermissionEvaluator.java b/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatPermissionEvaluator.java index a056e2eba..23f1333a9 100644 --- a/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatPermissionEvaluator.java +++ b/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatPermissionEvaluator.java @@ -17,9 +17,8 @@ package com.netflix.spinnaker.fiat.shared; -import com.google.common.cache.Cache; -import com.google.common.cache.CacheBuilder; -import com.google.common.util.concurrent.UncheckedExecutionException; +import com.github.benmanes.caffeine.cache.Cache; +import com.github.benmanes.caffeine.cache.Caffeine; import com.netflix.spectator.api.Id; import com.netflix.spectator.api.Registry; import com.netflix.spinnaker.fiat.model.Authorization; @@ -46,7 +45,6 @@ import java.util.Optional; import java.util.Set; import java.util.concurrent.Callable; -import java.util.concurrent.ExecutionException; import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicBoolean; import java.util.concurrent.atomic.AtomicReference; @@ -130,7 +128,7 @@ private static RetryHandler buildRetryHandler(FiatClientConfigurationProperties this.fiatStatus = fiatStatus; this.retryHandler = retryHandler; - this.permissionsCache = CacheBuilder + this.permissionsCache = Caffeine .newBuilder() .maximumSize(configProps.getCache().getMaxEntries()) .expireAfterWrite(configProps.getCache().getExpiresAfterWriteSeconds(), TimeUnit.SECONDS) @@ -205,35 +203,41 @@ public UserPermission.View getPermission(String username) { AtomicReference exception = new AtomicReference<>(); try { - view = permissionsCache.get(username, () -> { + view = permissionsCache.get(username, (loadUserName) -> { cacheHit.set(false); - return AuthenticatedRequest.propagate(() -> { - try { - return retryHandler.retry("getUserPermission for " + username, () -> fiatService.getUserPermission(username)); - } catch (Exception e) { - if (!fiatStatus.isLegacyFallbackEnabled()) { - throw e; + try { + return AuthenticatedRequest.propagate(() -> { + try { + return retryHandler.retry("getUserPermission for " + loadUserName, () -> fiatService.getUserPermission(loadUserName)); + } catch (Exception e) { + if (!fiatStatus.isLegacyFallbackEnabled()) { + throw e; + } + + legacyFallback.set(true); + successfulLookup.set(false); + exception.set(e); + + // this fallback permission will be temporarily cached in the permissions cache + return new UserPermission.View( + new UserPermission() + .setId(AuthenticatedRequest.getSpinnakerUser().orElse("anonymous")) + .setAccounts( + Arrays + .stream(AuthenticatedRequest.getSpinnakerAccounts().orElse("").split(",")) + .map(a -> new Account().setName(a)) + .collect(Collectors.toSet()) + ) + ).setLegacyFallback(true).setAllowAccessToUnknownApplications(true); } - - legacyFallback.set(true); - successfulLookup.set(false); - exception.set(e); - - // this fallback permission will be temporarily cached in the permissions cache - return new UserPermission.View( - new UserPermission() - .setId(AuthenticatedRequest.getSpinnakerUser().orElse("anonymous")) - .setAccounts( - Arrays - .stream(AuthenticatedRequest.getSpinnakerAccounts().orElse("").split(",")) - .map(a -> new Account().setName(a)) - .collect(Collectors.toSet()) - ) - ).setLegacyFallback(true).setAllowAccessToUnknownApplications(true); - } - }).call(); + }).call(); + } catch (RuntimeException re) { + throw re; + } catch (Exception e) { + throw new RuntimeException(e); + } }); - } catch (ExecutionException | UncheckedExecutionException e) { + } catch (Exception e) { successfulLookup.set(false); exception.set(e.getCause() != null ? e.getCause() : e); } @@ -352,7 +356,7 @@ public boolean isAdmin(Authentication authentication) { return permission != null && permission.isAdmin(); } - public class AuthorizationFailure { + public static class AuthorizationFailure { private final Authorization authorization; private final ResourceType resourceType; private final String resourceName; diff --git a/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatService.java b/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatService.java index 8defb3668..f7f0e5107 100644 --- a/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatService.java +++ b/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatService.java @@ -17,7 +17,7 @@ package com.netflix.spinnaker.fiat.shared; import com.netflix.spinnaker.fiat.model.UserPermission; -import com.squareup.okhttp.Response; +import retrofit.client.Response; import retrofit.http.Body; import retrofit.http.DELETE; import retrofit.http.GET; diff --git a/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatStatus.java b/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatStatus.java index f7a31b246..bd6492eab 100644 --- a/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatStatus.java +++ b/fiat-api/src/main/java/com/netflix/spinnaker/fiat/shared/FiatStatus.java @@ -17,6 +17,7 @@ package com.netflix.spinnaker.fiat.shared; import com.netflix.spectator.api.Registry; +import com.netflix.spectator.api.patterns.PolledMeter; import com.netflix.spinnaker.kork.dynamicconfig.DynamicConfigService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -46,8 +47,8 @@ public FiatStatus(Registry registry, this.enabled = new AtomicBoolean(fiatClientConfigurationProperties.isEnabled()); this.legacyFallbackEnabled = new AtomicBoolean(fiatClientConfigurationProperties.isLegacyFallback()); - registry.gauge("fiat.enabled", enabled, value -> enabled.get() ? 1 : 0); - registry.gauge("fiat.legacyFallback.enabled", legacyFallbackEnabled, value -> legacyFallbackEnabled.get() ? 1 : 0); + PolledMeter.using(registry).withName("fiat.enabled").monitorValue(enabled, value -> enabled.get() ? 1 : 0); + PolledMeter.using(registry).withName("fiat.legacyFallback.enabled").monitorValue(legacyFallbackEnabled, value -> legacyFallbackEnabled.get() ? 1 : 0); } public boolean isEnabled() { diff --git a/fiat-api/src/test/groovy/com/netflix/spinnaker/fiat/shared/FiatPermissionEvaluatorSpec.groovy b/fiat-api/src/test/groovy/com/netflix/spinnaker/fiat/shared/FiatPermissionEvaluatorSpec.groovy index b7d7e364b..5e185bd3a 100644 --- a/fiat-api/src/test/groovy/com/netflix/spinnaker/fiat/shared/FiatPermissionEvaluatorSpec.groovy +++ b/fiat-api/src/test/groovy/com/netflix/spinnaker/fiat/shared/FiatPermissionEvaluatorSpec.groovy @@ -103,46 +103,18 @@ class FiatPermissionEvaluatorSpec extends Specification { .setAuthorizations([Authorization.READ] as Set)] as Set) upv.setServiceAccounts([new ServiceAccount.View().setName(svcAcct) .setMemberOf(["foo"])] as Set) + fiatService.getUserPermission("testUser") >> upv - when: - def hasPermission = evaluator.hasPermission(authentication, - resource, - 'APPLICATION', - 'READ') - - then: - 1 * fiatService.getUserPermission("testUser") >> upv - hasPermission - - when: - hasPermission = evaluator.hasPermission(authentication, - resource, - 'APPLICATION', - 'WRITE') // Missing authorization - - then: - 1 * fiatService.getUserPermission("testUser") >> upv - !hasPermission + expect: + evaluator.hasPermission(authentication, resource, 'APPLICATION', 'READ') - when: - hasPermission = evaluator.hasPermission(authentication, - resource, // Missing resource - 'SERVICE_ACCOUNT', - 'WRITE') + // Missing authorization: + !evaluator.hasPermission(authentication, resource, 'APPLICATION', 'WRITE') - then: - 1 * fiatService.getUserPermission("testUser") >> upv - !hasPermission + // Missing resource + !evaluator.hasPermission(authentication, resource, 'SERVICE_ACCOUNT', 'WRITE') - when: - hasPermission = evaluator.hasPermission(authentication, - svcAcct, - 'SERVICE_ACCOUNT', - 'WRITE') - - then: - 1 * fiatService.getUserPermission("testUser") >> upv - hasPermission + evaluator.hasPermission(authentication, svcAcct, 'SERVICE_ACCOUNT', 'WRITE') } @Unroll @@ -241,9 +213,9 @@ class FiatPermissionEvaluatorSpec extends Specification { } @Unroll - def "should allow an admin to access all resource types"() { + def "should allow an admin to access #resourceType"() { given: - 2 * fiatService.getUserPermission("testUser") >> { + fiatService.getUserPermission("testUser") >> { return new UserPermission.View() .setApplications(Collections.emptySet()) .setAdmin(true) @@ -275,7 +247,7 @@ class FiatPermissionEvaluatorSpec extends Specification { } private static FiatClientConfigurationProperties buildConfigurationProperties() { - FiatClientConfigurationProperties configurationProperties = new FiatClientConfigurationProperties(); + FiatClientConfigurationProperties configurationProperties = new FiatClientConfigurationProperties() configurationProperties.enabled = true configurationProperties.cache.maxEntries = 0 diff --git a/fiat-core/fiat-core.gradle b/fiat-core/fiat-core.gradle index c49300ba9..584f7785f 100644 --- a/fiat-core/fiat-core.gradle +++ b/fiat-core/fiat-core.gradle @@ -1,22 +1,9 @@ dependencies { - compileOnly spinnaker.dependency("retrofit") - compileOnly spinnaker.dependency("okHttp") - compileOnly spinnaker.dependency("okHttpUrlconnection") - compileOnly spinnaker.dependency("okHttpApache") - compileOnly spinnaker.dependency("retrofitJackson") + implementation "com.fasterxml.jackson.core:jackson-annotations" + implementation "com.google.code.findbugs:jsr305" + implementation "org.slf4j:slf4j-api" - compileOnly spinnaker.dependency("lombok") - annotationProcessor spinnaker.dependency("lombok") - - compile "org.apache.commons:commons-lang3:3.4" - compile spinnaker.dependency("slf4jApi") - compile spinnaker.dependency("guava") - - testCompile spinnaker.dependency("spockSpring") - testCompile "commons-io:commons-io:2.5" - testCompile spinnaker.dependency("retrofitJackson") - spinnaker.group("test") - testCompile spinnaker.dependency("bootAutoConfigure") - testCompile spinnaker.dependency("bootActuator") + testImplementation "org.springframework.boot:spring-boot" + testImplementation "com.fasterxml.jackson.core:jackson-databind" } diff --git a/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/Authorization.java b/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/Authorization.java index 29c24471e..60dc2869a 100644 --- a/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/Authorization.java +++ b/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/Authorization.java @@ -16,8 +16,15 @@ package com.netflix.spinnaker.fiat.model; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; + public enum Authorization { READ, WRITE, - EXECUTE + EXECUTE; + + public static Set ALL = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(values()))); } diff --git a/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/Account.java b/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/Account.java index 4cda6156a..848beecac 100644 --- a/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/Account.java +++ b/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/Account.java @@ -17,14 +17,11 @@ package com.netflix.spinnaker.fiat.model.resources; import com.fasterxml.jackson.annotation.JsonIgnore; -import com.google.common.collect.Sets; import com.netflix.spinnaker.fiat.model.Authorization; import lombok.Data; import lombok.EqualsAndHashCode; import lombok.NoArgsConstructor; -import lombok.extern.slf4j.Slf4j; -import java.util.HashSet; import java.util.Set; @Data @@ -51,7 +48,7 @@ public static class View extends BaseView implements Authorizable { public View(Account account, Set userRoles, boolean isAdmin) { this.name = account.name; if (isAdmin) { - this.authorizations = Sets.newHashSet(Authorization.READ, Authorization.WRITE); + this.authorizations = Authorization.ALL; } else { this.authorizations = account.permissions.getAuthorizations(userRoles); } diff --git a/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/Application.java b/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/Application.java index 66d1605fa..bb8b9be64 100644 --- a/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/Application.java +++ b/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/Application.java @@ -17,12 +17,10 @@ package com.netflix.spinnaker.fiat.model.resources; import com.fasterxml.jackson.annotation.JsonIgnore; -import com.google.common.collect.Sets; import com.netflix.spinnaker.fiat.model.Authorization; import lombok.Data; import lombok.EqualsAndHashCode; import lombok.NoArgsConstructor; -import lombok.extern.slf4j.Slf4j; import java.util.Set; @@ -49,7 +47,7 @@ public static class View extends BaseView implements Authorizable { public View(Application application, Set userRoles, boolean isAdmin) { this.name = application.name; if (isAdmin) { - this.authorizations = Sets.newHashSet(Authorization.READ, Authorization.WRITE, Authorization.EXECUTE); + this.authorizations = Authorization.ALL; } else { this.authorizations = application.permissions.getAuthorizations(userRoles); } diff --git a/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/BuildService.java b/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/BuildService.java index a18227ed7..a2410fa8b 100644 --- a/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/BuildService.java +++ b/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/BuildService.java @@ -17,7 +17,6 @@ package com.netflix.spinnaker.fiat.model.resources; -import com.google.common.collect.Sets; import com.netflix.spinnaker.fiat.model.Authorization; import lombok.Data; import lombok.EqualsAndHashCode; @@ -50,7 +49,7 @@ public static class View extends Viewable.BaseView implements Authorizable { public View(BuildService buildService, Set userRoles, boolean isAdmin) { this.name = buildService.name; if (isAdmin) { - this.authorizations = Sets.newHashSet(Authorization.READ, Authorization.WRITE); + this.authorizations = Authorization.ALL; } else { this.authorizations = buildService.permissions.getAuthorizations(userRoles); } diff --git a/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/Permissions.java b/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/Permissions.java index aa5419e27..c51700871 100644 --- a/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/Permissions.java +++ b/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/Permissions.java @@ -18,28 +18,18 @@ import com.fasterxml.jackson.annotation.JsonCreator; import com.fasterxml.jackson.annotation.JsonValue; -import com.google.common.annotations.VisibleForTesting; -import com.google.common.collect.ImmutableList; -import com.google.common.collect.ImmutableMap; -import com.google.common.collect.ImmutableSet; import com.netflix.spinnaker.fiat.model.Authorization; import lombok.EqualsAndHashCode; import lombok.ToString; import lombok.val; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.LinkedHashMap; -import java.util.List; -import java.util.Map; -import java.util.Set; +import java.util.*; import java.util.stream.Collectors; /** * Representation of authorization configuration for a resource. This object is immutable, which * makes it challenging when working with Jackson's - * {@link com.fasterxml.jackson.databind.ObjectMapper} and Spring's {@link ConfigurationProperties}. + * {{ObjectMapper}} and Spring's {{\@ConfigurationProperties}}. * The {@link Builder} is a helper class for the latter use case. */ @ToString @@ -47,7 +37,6 @@ public class Permissions { public static Permissions EMPTY = new Permissions.Builder().build(); - private static Set UNRESTRICTED_AUTH = ImmutableSet.copyOf(Authorization.values()); private final Map> permissions; @@ -95,7 +84,7 @@ public Set getAuthorizations(Set userRoles) { public Set getAuthorizations(List userRoles) { if (!isRestricted()) { - return UNRESTRICTED_AUTH; + return Authorization.ALL; } return this.permissions @@ -152,15 +141,16 @@ public Builder add(Authorization a, List groups) { } public Permissions build() { - ImmutableMap.Builder> builder = ImmutableMap.builder(); + final Map> perms = new HashMap<>(); this.forEach((auth, groups) -> { - List lowerGroups = groups.stream() + List lowerGroups = Collections.unmodifiableList(groups.stream() .map(String::trim) + .filter(s -> !s.isEmpty()) .map(String::toLowerCase) - .collect(Collectors.toList()); - builder.put(auth, ImmutableList.copyOf(lowerGroups)); + .collect(Collectors.toList())); + perms.put(auth, lowerGroups); }); - return new Permissions(builder.build()); + return new Permissions(Collections.unmodifiableMap(perms)); } } } diff --git a/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/ResourceType.java b/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/ResourceType.java index 09231d043..d0e5ef679 100644 --- a/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/ResourceType.java +++ b/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/ResourceType.java @@ -16,8 +16,7 @@ package com.netflix.spinnaker.fiat.model.resources; -import lombok.NonNull; -import org.apache.commons.lang3.StringUtils; +import javax.annotation.Nonnull; public enum ResourceType { ACCOUNT(Account.class), @@ -33,11 +32,9 @@ public enum ResourceType { } // TODO(ttomsu): This is Redis-specific, so it probably shouldn't go here. - public static ResourceType parse(@NonNull String pluralOrKey) { - if (pluralOrKey.contains(":")) { - pluralOrKey = StringUtils.substringAfterLast(pluralOrKey, ":"); - } - String singular = StringUtils.removeEnd(pluralOrKey, "s"); + public static ResourceType parse(@Nonnull String pluralOrKey) { + pluralOrKey = pluralOrKey.substring(pluralOrKey.lastIndexOf(':') + 1); + String singular = pluralOrKey.endsWith("s") ? pluralOrKey.substring(0, pluralOrKey.length() - 1) : pluralOrKey; return ResourceType.valueOf(singular.toUpperCase()); } diff --git a/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/Role.java b/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/Role.java index 2c9da7727..b2b16788f 100644 --- a/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/Role.java +++ b/fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/Role.java @@ -20,10 +20,8 @@ import lombok.Data; import lombok.EqualsAndHashCode; import lombok.NoArgsConstructor; -import org.apache.commons.lang3.StringUtils; -import java.util.Collections; -import java.util.List; +import javax.annotation.Nonnull; import java.util.Set; @Data @@ -48,9 +46,9 @@ public Role(String name) { this.setName(name); } - public Role setName(String name) { - if (StringUtils.isEmpty(name)) { - throw new IllegalArgumentException("name cannot be null or empty"); + public Role setName(@Nonnull String name) { + if (name.isEmpty()) { + throw new IllegalArgumentException("name cannot be empty"); } this.name = name.toLowerCase(); return this; diff --git a/fiat-core/src/test/groovy/com/netflix/spinnaker/fiat/YamlFileApplicationContextInitializer.java b/fiat-core/src/test/groovy/com/netflix/spinnaker/fiat/YamlFileApplicationContextInitializer.java index 0ca841682..ca9e854b7 100644 --- a/fiat-core/src/test/groovy/com/netflix/spinnaker/fiat/YamlFileApplicationContextInitializer.java +++ b/fiat-core/src/test/groovy/com/netflix/spinnaker/fiat/YamlFileApplicationContextInitializer.java @@ -23,6 +23,7 @@ import org.springframework.core.io.Resource; import java.io.IOException; +import java.util.List; // source: https://stackoverflow.com/a/37349492/5569046 public class YamlFileApplicationContextInitializer implements ApplicationContextInitializer { @@ -31,8 +32,10 @@ public void initialize(ConfigurableApplicationContext applicationContext) { try { Resource resource = applicationContext.getResource("classpath:application.yml"); YamlPropertySourceLoader sourceLoader = new YamlPropertySourceLoader(); - PropertySource yamlTestProperties = sourceLoader.load("yamlTestProperties", resource, null); - applicationContext.getEnvironment().getPropertySources().addLast(yamlTestProperties); + List> yamlTestProperties = sourceLoader.load("yamlTestProperties", resource); + for (PropertySource ps : yamlTestProperties) { + applicationContext.getEnvironment().getPropertySources().addLast(ps); + } } catch (IOException e) { throw new RuntimeException(e); } diff --git a/fiat-core/src/test/groovy/com/netflix/spinnaker/fiat/model/resources/PermissionsSpec.groovy b/fiat-core/src/test/groovy/com/netflix/spinnaker/fiat/model/resources/PermissionsSpec.groovy index bbb134998..93805f7f0 100644 --- a/fiat-core/src/test/groovy/com/netflix/spinnaker/fiat/model/resources/PermissionsSpec.groovy +++ b/fiat-core/src/test/groovy/com/netflix/spinnaker/fiat/model/resources/PermissionsSpec.groovy @@ -37,7 +37,10 @@ class PermissionsSpec extends Specification { @Autowired TestConfigProps testConfigProps - ObjectMapper mapper = new ObjectMapper().configure(SerializationFeature.INDENT_OUTPUT, true) + ObjectMapper mapper = + new ObjectMapper() + .enable(SerializationFeature.INDENT_OUTPUT) + .enable(SerializationFeature.ORDER_MAP_ENTRIES_BY_KEYS) String permissionJson = '''{ "READ" : [ "foo" ], @@ -183,7 +186,7 @@ class PermissionsSpec extends Specification { static class TestConfig { } - @ConfigurationProperties("testRoot") + @ConfigurationProperties("test-root") static class TestConfigProps { Permissions.Builder permissions } diff --git a/fiat-core/src/test/groovy/com/netflix/spinnaker/fiat/model/resources/ResourceSpec.groovy b/fiat-core/src/test/groovy/com/netflix/spinnaker/fiat/model/resources/ResourceSpec.groovy index 59c4c19d6..bf78f8b9e 100644 --- a/fiat-core/src/test/groovy/com/netflix/spinnaker/fiat/model/resources/ResourceSpec.groovy +++ b/fiat-core/src/test/groovy/com/netflix/spinnaker/fiat/model/resources/ResourceSpec.groovy @@ -45,7 +45,7 @@ class ResourceSpec extends Specification { where: input || e - null || IllegalArgumentException.class + null || NullPointerException.class "" || IllegalArgumentException.class "account:" || IllegalArgumentException.class "account:s" || IllegalArgumentException.class diff --git a/fiat-file/fiat-file.gradle b/fiat-file/fiat-file.gradle index beb9aaea3..925790949 100644 --- a/fiat-file/fiat-file.gradle +++ b/fiat-file/fiat-file.gradle @@ -15,10 +15,15 @@ */ dependencies { - compile project(":fiat-roles") - compile "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:${spinnaker.version('jackson')}" + implementation project(":fiat-roles") + implementation project(":fiat-core") + implementation "com.fasterxml.jackson.core:jackson-core" + implementation "com.fasterxml.jackson.core:jackson-databind" + implementation "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml" + implementation "commons-io:commons-io" + implementation "org.springframework.boot:spring-boot-autoconfigure" + implementation "org.slf4j:slf4j-api" - compileOnly spinnaker.dependency("lombok") - annotationProcessor spinnaker.dependency("lombok") + testImplementation "com.github.ben-manes.caffeine:guava" } diff --git a/fiat-file/src/main/java/com/netflix/spinnaker/fiat/roles/file/FileBasedUserRolesProvider.java b/fiat-file/src/main/java/com/netflix/spinnaker/fiat/roles/file/FileBasedUserRolesProvider.java index a1c5aa73d..21f88c39f 100644 --- a/fiat-file/src/main/java/com/netflix/spinnaker/fiat/roles/file/FileBasedUserRolesProvider.java +++ b/fiat-file/src/main/java/com/netflix/spinnaker/fiat/roles/file/FileBasedUserRolesProvider.java @@ -43,7 +43,7 @@ @Slf4j @Component -@ConditionalOnProperty(value = "auth.groupMembership.service", havingValue = "file") +@ConditionalOnProperty(value = "auth.group-membership.service", havingValue = "file") public class FileBasedUserRolesProvider implements UserRolesProvider { @Autowired @@ -84,7 +84,7 @@ public Map> multiLoadRoles(Collection use @Data @Configuration - @ConfigurationProperties(prefix = "auth.groupMembership.file") + @ConfigurationProperties(prefix = "auth.group-membership.file") static class ConfigProps { String path; } diff --git a/fiat-github/fiat-github.gradle b/fiat-github/fiat-github.gradle index 759fcdde5..f0838dce4 100644 --- a/fiat-github/fiat-github.gradle +++ b/fiat-github/fiat-github.gradle @@ -1,13 +1,10 @@ dependencies { - compile project(":fiat-core") - compile project(":fiat-roles") + implementation project(":fiat-core") + implementation project(":fiat-roles") - compile spinnaker.dependency("bootWeb") - compile spinnaker.dependency("commonsLang") - compile spinnaker.dependency("guava") - compile spinnaker.dependency("retrofit") - compile spinnaker.dependency("retrofitJackson") - - compileOnly spinnaker.dependency("lombok") - annotationProcessor spinnaker.dependency("lombok") + implementation "org.springframework.boot:spring-boot-starter-web" + implementation "org.apache.commons:commons-lang3" + implementation "com.github.ben-manes.caffeine:guava" + implementation "com.squareup.retrofit:retrofit" + implementation "com.squareup.retrofit:converter-jackson" } diff --git a/fiat-github/src/main/java/com/netflix/spinnaker/fiat/config/GitHubConfig.java b/fiat-github/src/main/java/com/netflix/spinnaker/fiat/config/GitHubConfig.java index c3446d364..20beeec72 100644 --- a/fiat-github/src/main/java/com/netflix/spinnaker/fiat/config/GitHubConfig.java +++ b/fiat-github/src/main/java/com/netflix/spinnaker/fiat/config/GitHubConfig.java @@ -20,7 +20,7 @@ * Converts the list of GitHub Configuration properties a collection of clients to access the GitHub hosts */ @Configuration -@ConditionalOnProperty(value = "auth.groupMembership.service", havingValue = "github") +@ConditionalOnProperty(value = "auth.group-membership.service", havingValue = "github") @Slf4j public class GitHubConfig { diff --git a/fiat-github/src/main/java/com/netflix/spinnaker/fiat/roles/github/GitHubProperties.java b/fiat-github/src/main/java/com/netflix/spinnaker/fiat/roles/github/GitHubProperties.java index 2df02d9c8..cd5b679b3 100644 --- a/fiat-github/src/main/java/com/netflix/spinnaker/fiat/roles/github/GitHubProperties.java +++ b/fiat-github/src/main/java/com/netflix/spinnaker/fiat/roles/github/GitHubProperties.java @@ -1,21 +1,21 @@ package com.netflix.spinnaker.fiat.roles.github; import lombok.Data; -import org.hibernate.validator.constraints.NotEmpty; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.annotation.Configuration; import javax.validation.constraints.Max; import javax.validation.constraints.Min; +import javax.validation.constraints.NotEmpty; import javax.validation.constraints.NotNull; /** * Helper class to map masters in properties file into a validated property map */ @Configuration -@ConditionalOnProperty(value = "auth.groupMembership.service", havingValue = "github") -@ConfigurationProperties(prefix = "auth.groupMembership.github") +@ConditionalOnProperty(value = "auth.group-membership.service", havingValue = "github") +@ConfigurationProperties(prefix = "auth.group-membership.github") @Data public class GitHubProperties { @NotEmpty diff --git a/fiat-github/src/main/java/com/netflix/spinnaker/fiat/roles/github/GithubTeamsUserRolesProvider.java b/fiat-github/src/main/java/com/netflix/spinnaker/fiat/roles/github/GithubTeamsUserRolesProvider.java index cade6c761..3959e811b 100644 --- a/fiat-github/src/main/java/com/netflix/spinnaker/fiat/roles/github/GithubTeamsUserRolesProvider.java +++ b/fiat-github/src/main/java/com/netflix/spinnaker/fiat/roles/github/GithubTeamsUserRolesProvider.java @@ -25,9 +25,8 @@ import com.netflix.spinnaker.fiat.permissions.ExternalUser; import com.netflix.spinnaker.fiat.roles.UserRolesProvider; import com.netflix.spinnaker.fiat.roles.github.client.GitHubClient; -import com.netflix.spinnaker.fiat.roles.github.model.Team; import com.netflix.spinnaker.fiat.roles.github.model.Member; -import com.netflix.spinnaker.fiat.roles.github.model.TeamMembership; +import com.netflix.spinnaker.fiat.roles.github.model.Team; import lombok.Data; import lombok.Setter; import lombok.extern.slf4j.Slf4j; @@ -40,27 +39,14 @@ import org.springframework.util.Assert; import retrofit.RetrofitError; import retrofit.client.Header; -import retrofit.client.Response; - -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.concurrent.Callable; -import java.util.concurrent.ExecutorService; -import java.util.concurrent.Executors; -import java.util.concurrent.ExecutionException; -import java.util.concurrent.TimeUnit; + +import java.util.*; +import java.util.concurrent.*; import java.util.stream.Collectors; @Slf4j @Component -@ConditionalOnProperty(value = "auth.groupMembership.service", havingValue = "github") +@ConditionalOnProperty(value = "auth.group-membership.service", havingValue = "github") public class GithubTeamsUserRolesProvider implements UserRolesProvider, InitializingBean { private static List RATE_LIMITING_HEADERS = Arrays.asList( diff --git a/fiat-google-groups/fiat-google-groups.gradle b/fiat-google-groups/fiat-google-groups.gradle index df50ebec6..3c9254067 100644 --- a/fiat-google-groups/fiat-google-groups.gradle +++ b/fiat-google-groups/fiat-google-groups.gradle @@ -15,15 +15,11 @@ */ dependencies { - compile project(":fiat-roles") - compile project(":fiat-core") + implementation project(":fiat-roles") + implementation project(":fiat-core") - compileOnly spinnaker.dependency("lombok") - annotationProcessor spinnaker.dependency("lombok") - - compile spinnaker.dependency("bootWeb") - compile spinnaker.dependency("commonsLang") - compile spinnaker.dependency("googleApiClient") - - compile "com.google.apis:google-api-services-admin-directory:directory_v1-rev105-1.25.0" + implementation "org.springframework.boot:spring-boot-starter-web" + implementation "org.apache.commons:commons-lang3" + implementation "com.google.api-client:google-api-client" + implementation "com.google.apis:google-api-services-admin-directory" } diff --git a/fiat-google-groups/src/main/java/com/netflix/spinnaker/fiat/roles/google/GoogleDirectoryUserRolesProvider.java b/fiat-google-groups/src/main/java/com/netflix/spinnaker/fiat/roles/google/GoogleDirectoryUserRolesProvider.java index 2dfd4523d..97d5be6c3 100644 --- a/fiat-google-groups/src/main/java/com/netflix/spinnaker/fiat/roles/google/GoogleDirectoryUserRolesProvider.java +++ b/fiat-google-groups/src/main/java/com/netflix/spinnaker/fiat/roles/google/GoogleDirectoryUserRolesProvider.java @@ -63,7 +63,7 @@ @Slf4j @Component -@ConditionalOnProperty(value = "auth.groupMembership.service", havingValue = "google") +@ConditionalOnProperty(value = "auth.group-membership.service", havingValue = "google") public class GoogleDirectoryUserRolesProvider implements UserRolesProvider, InitializingBean { @Autowired @@ -206,7 +206,7 @@ private static Role toRole(Group g) { @Data @Configuration - @ConfigurationProperties("auth.groupMembership.google") + @ConfigurationProperties("auth.group-membership.google") public static class Config { /** diff --git a/fiat-ldap/fiat-ldap.gradle b/fiat-ldap/fiat-ldap.gradle index 630388b91..47aa62cde 100644 --- a/fiat-ldap/fiat-ldap.gradle +++ b/fiat-ldap/fiat-ldap.gradle @@ -15,18 +15,10 @@ */ dependencies { - compile project(":fiat-roles") + implementation project(":fiat-roles") + implementation project(":fiat-core") - compileOnly spinnaker.dependency("retrofit") - compileOnly spinnaker.dependency("okHttp") - compileOnly spinnaker.dependency("okHttpUrlconnection") - compileOnly spinnaker.dependency("okHttpApache") - compileOnly spinnaker.dependency("retrofitJackson") - - compileOnly spinnaker.dependency("lombok") - annotationProcessor spinnaker.dependency("lombok") - - compile "org.springframework.security:spring-security-ldap:${spinnaker.version('springSecurity')}" - - spinnaker.group("spockBase") + implementation "org.apache.commons:commons-lang3" + implementation "org.springframework.boot:spring-boot-autoconfigure" + implementation "org.springframework.security:spring-security-ldap" } diff --git a/fiat-ldap/src/main/java/com/netflix/spinnaker/fiat/config/LdapConfig.java b/fiat-ldap/src/main/java/com/netflix/spinnaker/fiat/config/LdapConfig.java index 678a3c7f8..dc8a944ab 100644 --- a/fiat-ldap/src/main/java/com/netflix/spinnaker/fiat/config/LdapConfig.java +++ b/fiat-ldap/src/main/java/com/netflix/spinnaker/fiat/config/LdapConfig.java @@ -17,7 +17,6 @@ package com.netflix.spinnaker.fiat.config; import lombok.Data; -import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.context.properties.ConfigurationProperties; @@ -29,7 +28,7 @@ import java.text.MessageFormat; @Configuration -@ConditionalOnProperty(value = "auth.groupMembership.service", havingValue = "ldap") +@ConditionalOnProperty(value = "auth.group-membership.service", havingValue = "ldap") public class LdapConfig { @Autowired @@ -47,7 +46,7 @@ SpringSecurityLdapTemplate springSecurityLdapTemplate() throws Exception { @Data @Configuration - @ConfigurationProperties("auth.groupMembership.ldap") + @ConfigurationProperties("auth.group-membership.ldap") public static class ConfigProps { String url; String managerDn; diff --git a/fiat-ldap/src/main/java/com/netflix/spinnaker/fiat/roles/ldap/LdapUserRolesProvider.java b/fiat-ldap/src/main/java/com/netflix/spinnaker/fiat/roles/ldap/LdapUserRolesProvider.java index e037f0fd5..c7c25d176 100644 --- a/fiat-ldap/src/main/java/com/netflix/spinnaker/fiat/roles/ldap/LdapUserRolesProvider.java +++ b/fiat-ldap/src/main/java/com/netflix/spinnaker/fiat/roles/ldap/LdapUserRolesProvider.java @@ -20,7 +20,6 @@ import com.netflix.spinnaker.fiat.model.resources.Role; import com.netflix.spinnaker.fiat.permissions.ExternalUser; import com.netflix.spinnaker.fiat.roles.UserRolesProvider; -import java.util.Collections; import lombok.Setter; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; @@ -36,17 +35,12 @@ import javax.naming.InvalidNameException; import javax.naming.Name; -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Set; +import java.util.*; import java.util.stream.Collectors; @Slf4j @Component -@ConditionalOnProperty(value = "auth.groupMembership.service", havingValue = "ldap") +@ConditionalOnProperty(value = "auth.group-membership.service", havingValue = "ldap") public class LdapUserRolesProvider implements UserRolesProvider { @Autowired diff --git a/fiat-roles/fiat-roles.gradle b/fiat-roles/fiat-roles.gradle index a3b4badb5..0acccbb7e 100644 --- a/fiat-roles/fiat-roles.gradle +++ b/fiat-roles/fiat-roles.gradle @@ -15,21 +15,23 @@ */ dependencies { - compile project(":fiat-core") + implementation project(":fiat-core") - spinnaker.group("retrofitDefault") + implementation "com.squareup.retrofit:retrofit" + implementation "com.squareup.retrofit:converter-jackson" + implementation "com.squareup.okhttp:okhttp" + implementation "com.squareup.okhttp:okhttp-urlconnection" + implementation "com.squareup.okhttp:okhttp-apache" - compileOnly spinnaker.dependency("lombok") - annotationProcessor spinnaker.dependency("lombok") + implementation "org.springframework.boot:spring-boot-starter-actuator" + implementation "org.springframework.boot:spring-boot-starter-web" - compile spinnaker.dependency("bootActuator") - compile spinnaker.dependency("bootWeb") - compile spinnaker.dependency("googleApiClient") - compile spinnaker.dependency("korkDynomite") - compile spinnaker.dependency("korkHystrix") - compile spinnaker.dependency("korkJedis") - compile "redis.clients:jedis:2.9.3" + implementation "com.netflix.spinnaker.kork:kork-dynomite" + implementation "com.netflix.spinnaker.kork:kork-hystrix" + implementation "com.netflix.spinnaker.kork:kork-jedis" + implementation "redis.clients:jedis" + implementation "com.google.api-client:google-api-client" - testCompile spinnaker.dependency("korkJedisTest") - testCompile "org.apache.commons:commons-collections4:4.1" + testImplementation "com.netflix.spinnaker.kork:kork-jedis-test" + testImplementation "org.apache.commons:commons-collections4:4.1" } diff --git a/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/config/ResourceProvidersHealthIndicator.java b/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/config/ResourceProvidersHealthIndicator.java index d5216c1fa..02ba1ea75 100644 --- a/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/config/ResourceProvidersHealthIndicator.java +++ b/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/config/ResourceProvidersHealthIndicator.java @@ -30,7 +30,7 @@ @Slf4j @Component -@ConditionalOnExpression("${fiat.writeMode.enabled:true}") +@ConditionalOnExpression("${fiat.write-mode.enabled:true}") public class ResourceProvidersHealthIndicator extends AbstractHealthIndicator { @Autowired diff --git a/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/config/UnrestrictedResourceConfig.java b/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/config/UnrestrictedResourceConfig.java index e9f6a12e0..887d70d8e 100644 --- a/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/config/UnrestrictedResourceConfig.java +++ b/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/config/UnrestrictedResourceConfig.java @@ -18,7 +18,6 @@ import com.netflix.spinnaker.fiat.model.UserPermission; import com.netflix.spinnaker.fiat.permissions.PermissionsRepository; -import com.netflix.spinnaker.fiat.permissions.PermissionsResolver; import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -29,7 +28,7 @@ public class UnrestrictedResourceConfig { public static String UNRESTRICTED_USERNAME = "__unrestricted_user__"; @Bean - @ConditionalOnExpression("${fiat.writeMode.enabled:true}") + @ConditionalOnExpression("${fiat.write-mode.enabled:true}") String addUnrestrictedUser(PermissionsRepository permissionsRepository) { if (!permissionsRepository.get(UNRESTRICTED_USERNAME).isPresent()) { permissionsRepository.put(new UserPermission().setId(UNRESTRICTED_USERNAME)); diff --git a/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/permissions/RedisPermissionsRepository.java b/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/permissions/RedisPermissionsRepository.java index 70e986562..c503da639 100644 --- a/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/permissions/RedisPermissionsRepository.java +++ b/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/permissions/RedisPermissionsRepository.java @@ -155,6 +155,7 @@ public Optional get(@NonNull String id) { userResponseMap.put(r, resourceMap); Response> unrestrictedMap = p.hgetAll(unrestrictedUserKey(r)); unrestrictedResponseMap.put(r, unrestrictedMap); + log.info("Resource: {}; map size: {}", r, unrestrictedResponseMap.size()); } Response admin = p.sismember(adminKey(), id); p.sync(); diff --git a/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/roles/UserRolesSyncer.java b/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/roles/UserRolesSyncer.java index a7bcbc065..da87540de 100644 --- a/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/roles/UserRolesSyncer.java +++ b/fiat-roles/src/main/java/com/netflix/spinnaker/fiat/roles/UserRolesSyncer.java @@ -33,7 +33,6 @@ import com.netflix.spinnaker.fiat.providers.ResourceProvider; import com.netflix.spinnaker.kork.eureka.RemoteStatusChangedEvent; import com.netflix.spinnaker.kork.lock.LockManager; -import java.util.function.Function; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; @@ -52,11 +51,12 @@ import java.util.Map; import java.util.Optional; import java.util.concurrent.atomic.AtomicBoolean; +import java.util.function.Function; import java.util.stream.Collectors; @Slf4j @Component -@ConditionalOnExpression("${fiat.writeMode.enabled:true}") +@ConditionalOnExpression("${fiat.write-mode.enabled:true}") public class UserRolesSyncer implements ApplicationListener { private final Optional discoveryClient; @@ -83,10 +83,10 @@ public UserRolesSyncer(Optional discoveryClient, PermissionsResolver permissionsResolver, ResourceProvider serviceAccountProvider, ResourceProvidersHealthIndicator healthIndicator, - @Value("${fiat.writeMode.retryIntervalMs:10000}") long retryIntervalMs, - @Value("${fiat.writeMode.syncDelayMs:600000}") long syncDelayMs, - @Value("${fiat.writeMode.syncFailureDelayMs:600000}") long syncFailureDelayMs, - @Value("${fiat.writeMode.syncDelayTimeoutMs:30000}") long syncDelayTimeoutMs) { + @Value("${fiat.write-mode.retry-interval-ms:10000}") long retryIntervalMs, + @Value("${fiat.write-mode.sync-delay-ms:600000}") long syncDelayMs, + @Value("${fiat.write-mode.sync-failure-delay-ms:600000}") long syncFailureDelayMs, + @Value("${fiat.write-mode.sync-delay-timeout-ms:30000}") long syncDelayTimeoutMs) { this.discoveryClient = discoveryClient; this.lockManager = lockManager; diff --git a/fiat-web/fiat-web.gradle b/fiat-web/fiat-web.gradle index db4b42541..0323bca55 100644 --- a/fiat-web/fiat-web.gradle +++ b/fiat-web/fiat-web.gradle @@ -17,29 +17,30 @@ configurations.all { } dependencies { - spinnaker.group('retrofitDefault') - - compileOnly spinnaker.dependency("lombok") - annotationProcessor spinnaker.dependency("lombok") - - compile spinnaker.dependency('bootActuator') - compile spinnaker.dependency('bootWeb') - compile spinnaker.dependency('kork') - compile spinnaker.dependency('korkWeb') - compile spinnaker.dependency("korkStackdriver") - compile spinnaker.dependency("korkSwagger") - - compile project(':fiat-core') - compile project(':fiat-api') - compile project(':fiat-roles') + implementation "com.squareup.retrofit:retrofit" + implementation "com.squareup.retrofit:converter-jackson" + implementation "com.squareup.okhttp:okhttp" + implementation "com.squareup.okhttp:okhttp-urlconnection" + implementation "com.squareup.okhttp:okhttp-apache" + + implementation "org.springframework.boot:spring-boot-starter-actuator" + implementation "org.springframework.boot:spring-boot-starter-web" + implementation "com.netflix.spinnaker.kork:kork-core" + implementation "com.netflix.spinnaker.kork:kork-web" + implementation "com.netflix.spinnaker.kork:kork-stackdriver" + implementation "com.netflix.spinnaker.kork:kork-swagger" + + implementation project(':fiat-core') + implementation project(':fiat-roles') // Add each included authz provider as a runtime dependency gradle.includedProviderProjects.each { - runtime project(it) + implementation project(it) } - testCompile spinnaker.dependency('korkJedisTest') - testCompile "org.skyscreamer:jsonassert:1.3.0" + testImplementation "com.netflix.spinnaker.kork:kork-jedis" + testImplementation "com.netflix.spinnaker.kork:kork-jedis-test" + testImplementation "com.netflix.spinnaker.kork:kork-hystrix" } applicationName = 'fiat' diff --git a/fiat-web/src/main/java/com/netflix/spinnaker/fiat/Main.java b/fiat-web/src/main/java/com/netflix/spinnaker/fiat/Main.java index 2c009c645..38ca430f9 100644 --- a/fiat-web/src/main/java/com/netflix/spinnaker/fiat/Main.java +++ b/fiat-web/src/main/java/com/netflix/spinnaker/fiat/Main.java @@ -18,8 +18,9 @@ import com.netflix.spinnaker.config.ErrorConfiguration; import org.springframework.boot.autoconfigure.EnableAutoConfiguration; +import org.springframework.boot.autoconfigure.gson.GsonAutoConfiguration; import org.springframework.boot.builder.SpringApplicationBuilder; -import org.springframework.boot.web.support.SpringBootServletInitializer; +import org.springframework.boot.web.servlet.support.SpringBootServletInitializer; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Import; @@ -36,7 +37,7 @@ "com.netflix.spinnaker.config", }) @Import(ErrorConfiguration.class) -@EnableAutoConfiguration +@EnableAutoConfiguration(exclude = {GsonAutoConfiguration.class}) public class Main extends SpringBootServletInitializer { private static final Map DEFAULT_PROPS = buildDefaults(); diff --git a/fiat-web/src/main/java/com/netflix/spinnaker/fiat/config/ResourcesConfig.java b/fiat-web/src/main/java/com/netflix/spinnaker/fiat/config/ResourcesConfig.java index 936ea1730..22f96dc74 100644 --- a/fiat-web/src/main/java/com/netflix/spinnaker/fiat/config/ResourcesConfig.java +++ b/fiat-web/src/main/java/com/netflix/spinnaker/fiat/config/ResourcesConfig.java @@ -24,6 +24,7 @@ import com.netflix.spinnaker.fiat.providers.internal.Front50Service; import com.netflix.spinnaker.fiat.providers.internal.IgorApi; import com.netflix.spinnaker.fiat.providers.internal.IgorService; +import com.netflix.spinnaker.retrofit.Slf4jRetrofitLogger; import lombok.Setter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -57,14 +58,18 @@ public class ResourcesConfig { @Setter private OkClient okClient; - @Value("${services.front50.baseUrl}") + @Value("${services.front50.base-url}") @Setter private String front50Endpoint; - @Value("${services.clouddriver.baseUrl}") + @Value("${services.clouddriver.base-url}") @Setter private String clouddriverEndpoint; + @Value("${services.igor.base-url}") + @Setter + private String igorEndpoint; + @Bean Front50Api front50Api() { return new RestAdapter.Builder() @@ -123,21 +128,4 @@ IgorService igorService(IgorApi igorApi) { ProviderHealthTracker providerHealthTracker(ProviderCacheConfig config) { return new ProviderHealthTracker(config.getMaximumStalenessTimeMs()); } - - private static class Slf4jRetrofitLogger implements RestAdapter.Log { - private final Logger logger; - - Slf4jRetrofitLogger(Class type) { - this(LoggerFactory.getLogger(type)); - } - - Slf4jRetrofitLogger(Logger logger) { - this.logger = logger; - } - - @Override - public void log(String message) { - logger.debug(message); - } - } } diff --git a/fiat-web/src/main/java/com/netflix/spinnaker/fiat/config/RetrofitConfig.java b/fiat-web/src/main/java/com/netflix/spinnaker/fiat/config/RetrofitConfig.java index 1885d3e43..2b9a27c47 100644 --- a/fiat-web/src/main/java/com/netflix/spinnaker/fiat/config/RetrofitConfig.java +++ b/fiat-web/src/main/java/com/netflix/spinnaker/fiat/config/RetrofitConfig.java @@ -57,19 +57,19 @@ public class RetrofitConfig { @Setter private OkHttpClientConfiguration okHttpClientConfig; - @Value("${okHttpClient.connectionPool.maxIdleConnections:5}") + @Value("${ok-http-client.connection-pool.max-idle-connections:5}") @Setter private int maxIdleConnections; - @Value("${okHttpClient.connectionPool.keepAliveDurationMs:300000}") + @Value("${ok-http-client.connection-pool.keep-alive-duration-ms:300000}") @Setter private int keepAliveDurationMs; - @Value("${okHttpClient.retryOnConnectionFailure:true}") + @Value("${ok-http-client.retry-on-connection-failure:true}") @Setter private boolean retryOnConnectionFailure; - @Value("${okHttpClient.retries.maxElapsedBackoffMs:5000}") + @Value("${ok-http-client.retries.max-elapsed-backoff-ms:5000}") @Setter private long maxElapsedBackoffMs; @@ -83,7 +83,7 @@ ObjectMapper objectMapper() { } @Bean - RestAdapter.LogLevel retrofitLogLevel(@Value("${retrofit.logLevel:BASIC}") String logLevel) { + RestAdapter.LogLevel retrofitLogLevel(@Value("${retrofit.log-level:BASIC}") String logLevel) { return RestAdapter.LogLevel.valueOf(logLevel); } diff --git a/fiat-web/src/main/java/com/netflix/spinnaker/fiat/controllers/RolesController.java b/fiat-web/src/main/java/com/netflix/spinnaker/fiat/controllers/RolesController.java index fe2e2156c..37df7c057 100644 --- a/fiat-web/src/main/java/com/netflix/spinnaker/fiat/controllers/RolesController.java +++ b/fiat-web/src/main/java/com/netflix/spinnaker/fiat/controllers/RolesController.java @@ -43,7 +43,7 @@ @Slf4j @RestController @RequestMapping("/roles") -@ConditionalOnExpression("${fiat.writeMode.enabled:true}") +@ConditionalOnExpression("${fiat.write-mode.enabled:true}") public class RolesController { @Autowired diff --git a/fiat-web/src/test/groovy/com/netflix/spinnaker/config/EmbeddedRedisConfig.groovy b/fiat-web/src/test/groovy/com/netflix/spinnaker/config/EmbeddedRedisConfig.groovy index dcfd9ea16..9fd44b899 100644 --- a/fiat-web/src/test/groovy/com/netflix/spinnaker/config/EmbeddedRedisConfig.groovy +++ b/fiat-web/src/test/groovy/com/netflix/spinnaker/config/EmbeddedRedisConfig.groovy @@ -38,12 +38,12 @@ class EmbeddedRedisConfig { } @Bean - Pool jedisPool() { - redisServer().pool + Pool jedisPool(EmbeddedRedis embeddedRedis) { + embeddedRedis.pool } @Bean - RedisClientDelegate redisClientDelegate(EmbeddedRedis embeddedRedis) { - return new JedisClientDelegate(embeddedRedis.pool) + RedisClientDelegate redisClientDelegate(Pool jedisPool) { + return new JedisClientDelegate(jedisPool) } } diff --git a/fiat-web/src/test/groovy/com/netflix/spinnaker/config/FiatSystemTest.java b/fiat-web/src/test/groovy/com/netflix/spinnaker/config/FiatSystemTest.java index 33c389f4a..fa4404a99 100644 --- a/fiat-web/src/test/groovy/com/netflix/spinnaker/config/FiatSystemTest.java +++ b/fiat-web/src/test/groovy/com/netflix/spinnaker/config/FiatSystemTest.java @@ -1,12 +1,14 @@ package com.netflix.spinnaker.config; import com.netflix.spinnaker.fiat.Main; -import com.netflix.spinnaker.fiat.config.RedisConfig; import com.netflix.spinnaker.fiat.config.ResourcesConfig; +import org.junit.runner.RunWith; +import org.springframework.boot.test.context.SpringBootTest; import org.springframework.context.annotation.PropertySource; import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.TestPropertySource; +import org.springframework.test.context.junit4.SpringRunner; import org.springframework.test.context.web.WebAppConfiguration; import java.lang.annotation.ElementType; @@ -21,10 +23,11 @@ @TestPropertySource("/fiat.properties") @DirtiesContext @ContextConfiguration(classes = { - RedisConfig.class, TestUserRoleProviderConfig.class, ResourcesConfig.class, Main.class} ) +@RunWith(SpringRunner.class) +@SpringBootTest public @interface FiatSystemTest { } diff --git a/fiat-web/src/test/groovy/com/netflix/spinnaker/fiat/controllers/AuthorizeControllerSpec.groovy b/fiat-web/src/test/groovy/com/netflix/spinnaker/fiat/controllers/AuthorizeControllerSpec.groovy index 49aa829b2..17355acb4 100644 --- a/fiat-web/src/test/groovy/com/netflix/spinnaker/fiat/controllers/AuthorizeControllerSpec.groovy +++ b/fiat-web/src/test/groovy/com/netflix/spinnaker/fiat/controllers/AuthorizeControllerSpec.groovy @@ -31,8 +31,11 @@ import com.netflix.spinnaker.fiat.providers.internal.Front50Service import org.slf4j.MDC import org.springframework.beans.factory.annotation.Autowired import org.springframework.test.web.servlet.MockMvc +import org.springframework.test.web.servlet.result.MockMvcResultHandlers import org.springframework.test.web.servlet.setup.MockMvcBuilders import org.springframework.web.context.WebApplicationContext +import redis.clients.jedis.Jedis +import redis.clients.util.Pool import spock.lang.Shared import spock.lang.Specification import spock.lang.Unroll @@ -64,6 +67,9 @@ class AuthorizeControllerSpec extends Specification { @Autowired TestUserRoleProviderConfig.TestUserRoleProvider userRoleProvider + @Autowired + Pool jedisPool + @Autowired ObjectMapper objectMapper @@ -78,10 +84,12 @@ class AuthorizeControllerSpec extends Specification { .webAppContextSetup(this.wac) .defaultRequest(get("/").content().contentType("application/json")) .build(); + + jedisPool.resource.withCloseable { it.flushAll() } } def "should get user from repo via endpoint"() { - setup: + given: permissionsRepository.put(unrestrictedUser) permissionsRepository.put(roleAUser) permissionsRepository.put(roleBUser) @@ -91,9 +99,10 @@ class AuthorizeControllerSpec extends Specification { def expected = objectMapper.writeValueAsString(unrestrictedUser.view) then: - mockMvc.perform(get("/authorize/anonymous")) - .andExpect(status().isOk()) - .andExpect(content().json(expected)) + def result = mockMvc.perform(get("/authorize/anonymous")) + + result.andDo(MockMvcResultHandlers.print()) + result.andExpect(status().isOk()).andExpect(content().json(expected)) when: expected = objectMapper.writeValueAsString(roleAUser.merge(unrestrictedUser).view) diff --git a/fiat-web/src/test/resources/fiat-test.yml b/fiat-web/src/test/resources/fiat-test.yml index bd8e960ca..db1170b9a 100644 --- a/fiat-web/src/test/resources/fiat-test.yml +++ b/fiat-web/src/test/resources/fiat-test.yml @@ -4,4 +4,5 @@ services: front50: baseUrl: 'http://localhost:8080' igor: - enabled: false \ No newline at end of file + enabled: false + baseUrl: null diff --git a/fiat-web/src/test/resources/fiat.properties b/fiat-web/src/test/resources/fiat.properties index 819462306..f83f57702 100644 --- a/fiat-web/src/test/resources/fiat.properties +++ b/fiat-web/src/test/resources/fiat.properties @@ -1,6 +1,5 @@ services.front50.baseUrl=ignored services.clouddriver.baseUrl=ignored services.igor.baseUrl=ignored - fiat.cache.expiresAfterWriteSeconds=0 fiat.writeMode.syncDelayMs=-1 diff --git a/gradle.properties b/gradle.properties index 44b85fa04..949e349c3 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,2 +1,3 @@ -org.gradle.parallel=true -includeProviders=file,github,google-groups,ldap \ No newline at end of file +org.gradle.parallel=false +includeProviders=file,github,google-groups,ldap +enablePublishing=false diff --git a/gradle/buildViaTravis.sh b/gradle/buildViaTravis.sh index 331e83857..c9f9a495a 100755 --- a/gradle/buildViaTravis.sh +++ b/gradle/buildViaTravis.sh @@ -1,12 +1,11 @@ #!/bin/bash # This script will build the project. -GRADLE="./gradlew -I gradle/init-publish.gradle" -export GRADLE_OPTS="-Xmx1g -Xms1g" +GRADLE="./gradlew -PenablePublishing=true" if [ "$TRAVIS_PULL_REQUEST" != "false" ]; then echo -e "Build Pull Request #$TRAVIS_PULL_REQUEST => Branch [$TRAVIS_BRANCH]" - $GRADLE -Prelease.useLastTag=true build + $GRADLE build elif [ "$TRAVIS_PULL_REQUEST" == "false" ] && [ "$TRAVIS_TAG" == "" ]; then echo -e 'Build Branch with Snapshot => Branch ['$TRAVIS_BRANCH']' $GRADLE -Prelease.travisci=true -PbintrayUser="${bintrayUser}" -PbintrayKey="${bintrayKey}" build snapshot --stacktrace @@ -24,6 +23,6 @@ elif [ "$TRAVIS_PULL_REQUEST" == "false" ] && [ "$TRAVIS_TAG" != "" ]; then esac else echo -e 'WARN: Should not be here => Branch ['$TRAVIS_BRANCH'] Tag ['$TRAVIS_TAG'] Pull Request ['$TRAVIS_PULL_REQUEST']' - $GRADLE -Prelease.useLastTag=true build + $GRADLE build fi diff --git a/gradle/init-publish.gradle b/gradle/init-publish.gradle deleted file mode 100644 index d379a0165..000000000 --- a/gradle/init-publish.gradle +++ /dev/null @@ -1,14 +0,0 @@ -initscript { - repositories { - mavenLocal() - jcenter() - maven { url 'https://dl.bintray.com/spinnaker/gradle/' } - maven { url "https://plugins.gradle.org/m2/" } - } - dependencies { - classpath 'com.netflix.spinnaker.gradle:spinnaker-gradle-project:5.2.1' - } -} - -// Can't use the plugin ID (spinnaker.project) on init scripts for some reason. -apply plugin: com.netflix.spinnaker.gradle.project.SpinnakerProjectPlugin diff --git a/gradle/installViaTravis.sh b/gradle/installViaTravis.sh index f4e7244ea..9b21f349f 100755 --- a/gradle/installViaTravis.sh +++ b/gradle/installViaTravis.sh @@ -1,8 +1,7 @@ #!/bin/bash # This script will build the project. -GRADLE="./gradlew -I gradle/init-publish.gradle" -export GRADLE_OPTS="-Xmx1g -Xms1g" +GRADLE="./gradlew -PenablePublishing=true" if [ "$TRAVIS_PULL_REQUEST" != "false" ]; then echo -e "Assemble Pull Request #$TRAVIS_PULL_REQUEST => Branch [$TRAVIS_BRANCH]" @@ -12,7 +11,7 @@ elif [ "$TRAVIS_PULL_REQUEST" == "false" ] && [ "$TRAVIS_TAG" == "" ]; then $GRADLE -Prelease.travisci=true assemble elif [ "$TRAVIS_PULL_REQUEST" == "false" ] && [ "$TRAVIS_TAG" != "" ]; then echo -e 'Assemble Branch for Release => Branch ['$TRAVIS_BRANCH'] Tag ['$TRAVIS_TAG']' - $GRADLE -Prelease.travisci=true -Prelease.useLastTag=true assemble + $GRADLE -Prelease.travisci=true assemble else echo -e 'WARN: Should not be here => Branch ['$TRAVIS_BRANCH'] Tag ['$TRAVIS_TAG'] Pull Request ['$TRAVIS_PULL_REQUEST']' $GRADLE assemble diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar index 29953ea14..5c2d1cf01 100644 Binary files a/gradle/wrapper/gradle-wrapper.jar and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index ea13fdfd1..5f1b1201a 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,5 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-5.3.1-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-5.4-bin.zip zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists diff --git a/gradlew b/gradlew index cccdd3d51..b0d6d0ab5 100755 --- a/gradlew +++ b/gradlew @@ -1,5 +1,21 @@ #!/usr/bin/env sh +# +# Copyright 2015 the original author or authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + ############################################################################## ## ## Gradle start up script for UN*X @@ -28,7 +44,7 @@ APP_NAME="Gradle" APP_BASE_NAME=`basename "$0"` # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. -DEFAULT_JVM_OPTS="" +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' # Use the maximum available, or set MAX_FD != -1 to use that value. MAX_FD="maximum" diff --git a/gradlew.bat b/gradlew.bat index e95643d6a..15e1ee37a 100644 --- a/gradlew.bat +++ b/gradlew.bat @@ -1,3 +1,19 @@ +@rem +@rem Copyright 2015 the original author or authors. +@rem +@rem Licensed under the Apache License, Version 2.0 (the "License"); +@rem you may not use this file except in compliance with the License. +@rem You may obtain a copy of the License at +@rem +@rem http://www.apache.org/licenses/LICENSE-2.0 +@rem +@rem Unless required by applicable law or agreed to in writing, software +@rem distributed under the License is distributed on an "AS IS" BASIS, +@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +@rem See the License for the specific language governing permissions and +@rem limitations under the License. +@rem + @if "%DEBUG%" == "" @echo off @rem ########################################################################## @rem @@ -14,7 +30,7 @@ set APP_BASE_NAME=%~n0 set APP_HOME=%DIRNAME% @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. -set DEFAULT_JVM_OPTS= +set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" @rem Find java.exe if defined JAVA_HOME goto findJavaFromJavaHome